Joined: 12 May 2004
|Posted: Sat Aug 22, 2009 7:26 am Post subject: [ GLSA 200908-08 ] ISC DHCP: dhcpd Denial of Service
|Gentoo Linux Security Advisory
Title: ISC DHCP: dhcpd Denial of Service (GLSA 200908-08)
Date: August 18, 2009
dhcpd as included in the ISC DHCP implementation does not properly handle
special conditions, leading to a Denial of Service.
ISC DHCP is the reference implementation of the Dynamic Host
Configuration Protocol as specified in RFC 2131.
Vulnerable: < 3.1.2_p1
Unaffected: >= 3.1.2_p1
Architectures: All supported architectures
Christoph Biedl discovered that dhcpd does not properly handle certain
DHCP requests when configured both using "dhcp-client-identifier" and
A remote attacker might send a specially crafted request to dhcpd,
possibly resulting in a Denial of Service (daemon crash).
There is no known workaround at this time.
All ISC DHCP users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.2_p1"
Last edited by GLSA on Sun Nov 22, 2009 4:29 am; edited 1 time in total